CVE-2007-3883

Name of the Vulnerable Software and Affected Versions: Data Dynamics ActiveBar ActiveX control versions 3.2 and earlier

Description: The issue allows remote attackers to create or overwrite files by providing a full pathname in specific method arguments. This can be achieved through the second argument to the Save method, or the first argument to the SaveLayoutChanges or SaveMenuUsageData method.

Recommendations: For versions 3.2 and earlier, consider restricting access to the Save, SaveLayoutChanges, and SaveMenuUsageData methods until a fix is available. As a temporary workaround, avoid using full pathnames in the arguments to these methods to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.